October 22, 2010

Amazon EC2 allows you to create and manage server instances in the cloud with ease. They are scalable and easy to set up. There are many AMIs (Amazon Machine Images) that you can use to get started. AMIs are basically server images that contain a whole OS installation and more. For example, some AMIs may have a web server with PHP already set up. You can think of an AMI as a virtual host image. This makes things much easier in the long run: you can use one of the many AMIs out there to get started with your new server, rather than having to start from scratch. You can also build your own AMIs.

Other than AMIs you have AKIs and ARIs. AKI stands for Amazon Kernel Image and ARI stands for Amazon Ramdisk Image. You can launch an AMI with an AKI of your choice. Obviously these should match, and you should be sure that they work together.

Interfacing with AWS

There are several ways you can interface and communicate with AWS. When it comes to EC2, for example, you could use the AWS Management Console, the command line tools or the API. If you are a human you would prefer using the management console, which is a web interface, or the command line tools.

The AWS Management Console is a web application and it's pretty easy on newbies, whereas the command line tools have a ton of commands that will take you some time to memorize (if you can memorize them at all). However, thanks to great documentation from Amazon, it shouldn't be hard to find help with any interface that you choose to use.

Setting up the Command Line Tools

You will need to download and set up the command line tools on your machine. The command line tools are written in Java, so you will need Java to make use of them. You will also have to set up some environment variables. After setting up the command line tools you will have to download your EC2 private key and the certificate and put them somewhere safe. You will also need to set up some environment variables to point to these.

Setting up an SSH Key Pair

You will need to set up an SSH key pair so that you can use it to log in to the server instances you launch. You can create the key pair yourself or let Amazon do it for you. Refer to the guide for step by step instructions on how to do this.

Launching an Instance

Doing this with the AWS Management Console is pretty straightforward, so I will focus on how to do it with the command line tools. Keep in mind that you get billed for the time that your instances are running. So if you are only playing around with EC2, be sure to terminate any instances you launch after you are done.

Finding a suitable AMI

You can use the ec2-describe-images command to find an image that suits you. However, just executing this command with no options will give you nothing. ec2-describe-images -a will give you all the available images. But be warned that it's a lot of images, so it will take some time.

Root Devices

When you are choosing an AMI you will notice that some of them have their root device as instance store while some of them have it as EBS (Elastic Block Storage). The basic difference between these instances is that if one uses the instance store, it will lose all its data when you terminate it. However, an image that uses EBS will remember its state. Note that what's in RAM will be destroyed in both cases.

Security Groups

One thing that confused me the most when I started working on a server that was hosted on EC2 was the existence of security groups. You can think of them as firewall policies, sets of rules on what ports are to be allowed and not on a given group. By default every port is blocked.

It's a good idea to add a security group before launching any instances, as you will have to specify a security group for the instance that you are launching. And without specifying one you won't be able to access the instance through SSH.

You can use ec2-describe-group to find out what groups you already have, and what the configurations are on those. In my case I was using my company's AWS account and there were some existing groups. The output looked something like the following.

There are three groups here and they all allow SSH from the whole of the internet. If you want to create a security group you will need to use ec2-add-group.

ec2-add-group ladygaga -d "strictly for gaga fans only"

The above command will create a group called ladygaga with a description. Note that you can always use the default group rather than creating new ones.

ec2-authorize ladygaga -p 22 would open up port 22 (used for ssh).
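
To audit which groups expose SSH to the whole internet, as the three groups above do, the following added example (not from the original post) filters ec2-describe-group output for rules open to 0.0.0.0/0 on a given TCP port. It assumes the whitespace-separated PERMISSION line layout shown in its comments and group names without spaces; the sample data and the 203.0.113.0/24 source range are constructed.

```shell
#!/bin/sh
# Added example: list security groups whose rules expose a TCP port to 0.0.0.0/0.
# Assumed PERMISSION line layout (legacy EC2 API tools):
#   PERMISSION <owner> <group> ALLOWS <proto> <from-port> <to-port> FROM CIDR <cidr>

# world_open_groups PORT -- reads `ec2-describe-group` output on stdin and
# prints each group (once) that allows PORT/tcp from anywhere.
world_open_groups() {
    awk -v port="$1" '
        $1 == "PERMISSION" && $4 == "ALLOWS" && $5 == "tcp" &&
        $9 == "CIDR" && $10 == "0.0.0.0/0" {
            lo = $6 + 0; hi = $7 + 0; p = port + 0
            # A range such as 1-1024 exposes port 22 just as much as 22-22 does.
            if (lo <= p && p <= hi && !seen[$3]++) print $3
        }'
}

# Constructed sample output (account id, groups and rules are made up).
sample_output() {
cat <<'EOF'
GROUP 111122223333 default default group
PERMISSION 111122223333 default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION 111122223333 default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
GROUP 111122223333 ladygaga strictly for gaga fans only
PERMISSION 111122223333 ladygaga ALLOWS tcp 22 22 FROM CIDR 203.0.113.0/24
GROUP 111122223333 batch worker nodes
PERMISSION 111122223333 batch ALLOWS tcp 1 1024 FROM CIDR 0.0.0.0/0
EOF
}

# Against a real account:  ec2-describe-group | world_open_groups 22
sample_output | world_open_groups 22

# A tighter rule limits the source range instead of using the default of
# 0.0.0.0/0 (the CIDR here is a documentation range, replace with your own):
#   ec2-authorize ladygaga -P tcp -p 22 -s 203.0.113.0/24
```

The ladygaga group in the sample is not reported because its SSH rule is limited to a single source range.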

Running an Instance

ec2-run-instances ami-6b26ca02 -k yf-keypair

This would run an instance with the specified AMI. The -k option here specifies the SSH key pair we want to use to authenticate ourselves when logging in to the instance. When you execute this command you should see some output like the following.

We can see that the public DNS name for this instance is ec2-184-72-142-168.compute-1.amazonaws.com. We can connect to it through SSH, but we will have to authenticate ourselves with the key pair we used when we initially created the instance.

For most systems you can log in as root. But for some systems this can be different (some Ubuntu AMIs require you to log in as ubuntu).

Now that you are logged in you can configure the system and have a lot of fun!

Availability Zones and Regions

If AWS EC2 is the cloud, it consists of regions. These regions are located in different parts of the world, and within each region you have multiple availability zones. If your server caters mainly to visitors from a specific region, you could run your instance in that region. And to improve the availability of your application you could have instances of your application running in multiple availability zones. So in case one availability zone goes down, your application can still survive if it's hosted in other availability zones.

You can view the regions that are available to your account by executing

That's it. I learned a lot by writing this. Note that my main source of information for this blog post was the official AWS documentation. The official documentation seems to be very good. So if you ever need to know something, google it. If you need more information on the command line tools and the different arguments that they accept, refer to the command line reference here (http://docs.amazonwebservices.com/AWSEC2/latest/CommandLineReference/index.html).

And IMHO if you are new to AWS, it's best to try things out using the AWSMC first before digging into the command line. But once you get comfortable with using it, you could just use a combination of guessing, the command line reference mentioned above and the built-in help (ec2-command --help) to find your way through the command line tools.